Re: [kitten] New Version Notification for draft-howard-gss-sanon-01.txt

Jeffrey E Altman <jaltman@auristor.com> Tue, 07 April 2020 01:52 UTC

To: Luke Howard <lukeh@padl.com>, Nicolas Williams <nico@cryptonector.com>
Cc: "kitten@ietf.org" <kitten@ietf.org>
From: Jeffrey E Altman <jaltman@auristor.com>
Organization: AuriStor, Inc.
Message-ID: <ccc68323-89a7-0bc8-a0b2-b785effb2752@auristor.com>
Date: Mon, 06 Apr 2020 21:51:40 -0400
Archived-At: <https://mailarchive.ietf.org/arch/msg/kitten/eFF1-HkYQwyE8QLz65WkGDi1dcI>

On 4/6/2020 6:59 PM, Luke Howard wrote:
> Jeff suggests informational track.

In my opinion getting something shipped quickly requires a private
organization OID and informational track. We should publish NegoEx as
informational as well since we are going to depend on it.

I don't think there is any benefit to experimental since NegoEx is
unpublished.  I suspect that all of the original Microsoft editors have
moved on.
> I’ve fixed the NegoEx thing anyway in the most recent draft.
> 
> The NegoEx authors did not envisage a mechanism being negotiated under
> both SPNEGO and NegoEx, so it doesn’t say anything about the preference
> order of such a mechanism. (It was possible to build such a mechanism up
> to Windows 8, but this was an accident that was then corrected.)

I don't believe that SAnon is a good choice for SPNEGO. One reason I
want to negotiate it under NegoEx is to prefer krb5-anon if it's
configured and only use SAnon for the case where krb5-anon is unavailable.

Jeffrey Altman